# README

> [!CAUTION]
> log-analyse is currently in alpha and not fit for production level use.

## Log Analyse

`log-analyse` allows scanning hundreds of log files for pre-determined pattern matches.
The aim of `log-analyse` is to allow teams to store an array of patterns that may be
of interest in an assortment of log files and be notified when various thresholds around
those patterns are met. `log-analyse` can be leveraged as a tool for basic visibility and
alerting, as well as a security utility.

> [!IMPORTANT]
> log-analyse will only ever need read permissions on the files it is monitoring.

## Planned Features

`log-analyse` aims to support the following:

- tail mode - live monitoring of log files with rotation support etc.
- analyse mode - retrospectively analyse log files.
- notification integrations for alerting.
- highly performant (and configurable) scanning of log files.
- extensible plugin system to allow user defined behaviour on alerting.

## Quick start

By default, `log-analyse` looks for a configuration file at `~/.loganalyse/loganalyse.yaml`;
however, you can provide an explicit absolute path to a YAML file via the `-c` flag.

An example of the current configuration (changing rapidly):

```yaml
---
files:
  # A glob based folder lookup
  - glob: "~/logs/*.txt"
    threshold:
      hits: 5
      period: 30s
    patterns:
      - ".*FATAL.*"
      - ".*payment failed.*"
    notify: "email"
  # An explicit log file
  - glob: "~/logs/foo.log"
    threshold:
      hits: 1
      period: 1m
    patterns:
      - ".*disk space low.*"
    notify: "slack"
## TBD
integrations:
  slack:
    webhook: ""
  email:
    to:
      - "[email protected]"
      - "[email protected]"
```
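
How a `threshold` of `hits: 5` within `period: 30s` can be evaluated as a sliding window, shown as an added example that is not log-analyse's own code. The `Rule` type, its `Observe` method, the reset-after-alert behaviour and the sample lines are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Rule is a hypothetical stand-in for one `files` entry, not log-analyse's own type.
type Rule struct {
	Patterns []*regexp.Regexp
	Hits     int
	Period   time.Duration
	seen     []time.Time // matching lines still inside the sliding window
}

// Observe records a line seen at ts; true means Hits matches fell within Period.
func (r *Rule) Observe(ts time.Time, line string) bool {
	hit := false
	for _, p := range r.Patterns {
		hit = hit || p.MatchString(line)
	}
	if !hit {
		return false
	}
	keep := []time.Time{ts}
	for _, t := range r.seen { // drop matches that aged out of the window
		if t.After(ts.Add(-r.Period)) {
			keep = append(keep, t)
		}
	}
	if r.seen = keep; len(keep) >= r.Hits {
		r.seen = nil // assumption: reset after firing so one burst raises one alert
		return true
	}
	return false
}

func main() {
	r := &Rule{Hits: 5, Period: 30 * time.Second, Patterns: []*regexp.Regexp{
		regexp.MustCompile(".*FATAL.*"), regexp.MustCompile(".*payment failed.*")}}
	// Constructed sample: second offsets of matching lines. Five matches exist by
	// t=40, but five never share one 30s window until t=49.
	for _, s := range []int64{0, 5, 12, 20, 40, 45, 48, 49, 50} {
		fmt.Println(s, r.Observe(time.Unix(s, 0), "FATAL: worker crashed"))
	}
	fmt.Println(r.Observe(time.Unix(51, 0), "INFO: heartbeat")) // non-matching line
}
```

Without the reset, every further match after the threshold is reached would raise another alert until older matches age out of the window.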

## Running Log-analyse

Running `log-analyse` on your system is as easy as:

```bash
# ensure to use the minimum permissions necessary for the below:
go install github.com/symonk/log-analyse@latest
# create the config directory, then the (empty) config file inside it
mkdir -p ~/.loganalyse
touch ~/.loganalyse/loganalyse.yaml
# populate loganalyse.yaml with your configuration
log-analyse
```